ItalianoITEnglishENFrançaisFREspañolESDeutschDEУкраїнськаUAРусскийRUالعربيةAR

Last updated: 27 May 2026

This Privacy Policy explains how Heritage International Institute processes personal data in connection with this website, institutional communications, research and project-related correspondence, applications, proposals and materials voluntarily submitted to the Institute. It is provided pursuant to Regulation (EU) 2016/679 (GDPR) and applicable Italian data protection law.

1. Data Controller

Heritage International Institute
Via Camilla 3
00181 Roma, Italy
C.F. 96638600583
PEC: heritageinternational@pec.it

2. Categories of personal data processed

Depending on how users interact with the Institute, the following categories of personal data may be processed:

  • Identification and contact data: name, surname, email address, PEC address, telephone number, organisation, role, affiliation and postal address.
  • Professional, academic and application data: CVs, biographies, academic titles, professional experience, publications, portfolios, references, motivation letters, project applications, abstracts, research proposals and related documentation.
  • Submitted content and project materials: papers, research files, photographs, audiovisual materials, presentations, reports, fieldwork materials, institutional profiles, collaboration proposals and other materials voluntarily sent to the Institute.
  • Image and profile data: photographs, portraits, videos, speaker or board member profiles, author biographies and event or project participation information, where provided or authorised.
  • Communications data: messages, requests, attachments, metadata necessary to manage correspondence and records of institutional exchanges.
  • Technical data: IP address, browser and device information, pages visited, approximate access time, security logs, hosting/CDN logs and information necessary for website delivery and security.
  • Cookie preference data: the user's cookie choice stored locally in the browser.

3. Special categories of data

The Institute does not intentionally request special categories of personal data through the website unless a specific project, call, research activity or legal requirement makes this necessary and appropriate safeguards are provided. Users should avoid sending unnecessary sensitive data. If submitted materials contain data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, biometric data, data concerning sex life or sexual orientation, or information about vulnerable persons or communities, such data will be processed only where a valid legal basis applies and only to the extent necessary for the relevant purpose.

4. Purposes of processing

Personal data may be processed for the following purposes:

  • operating, securing, maintaining and improving the website;
  • responding to contact requests and institutional correspondence;
  • receiving, reviewing and managing research materials, proposals, applications, CVs, abstracts, project documents and collaboration requests;
  • organising, documenting and communicating projects, calls, events, publications, academic activities and partnerships;
  • evaluating eligibility, expertise, authorship, participation and suitability for projects, boards, events, publications or cooperation opportunities;
  • managing administrative, accounting, contractual, legal and compliance requirements;
  • protecting the rights, safety, reputation and legitimate interests of the Institute, its partners, contributors and users;
  • managing cookie preferences and, where enabled, optional analytics or similar technologies based on consent.

5. Legal bases

The legal bases for processing may include: performance of pre-contractual or contractual measures requested by the user; legitimate interest in managing institutional activities, correspondence, project evaluation, research cooperation, website security and documentation; compliance with legal obligations; consent, where required for optional cookies, specific publications, image use, newsletters or other optional activities; and, where applicable, tasks carried out in the public interest or for research, educational, cultural or archival purposes with appropriate safeguards.

6. Recipients and authorised persons

Personal data may be accessed by authorised personnel and collaborators of Heritage International Institute. Where necessary for the relevant purpose, data may also be shared with academic board members, selection or evaluation committees, project partners, institutional partners, event organisers, research collaborators, technical providers, hosting/CDN providers, email and PEC providers, IT maintenance suppliers, legal/accounting advisers and public authorities where required by law.

7. International dimension and transfers

Because the Institute works in an international cultural, academic and project context, submitted materials and related personal data may be reviewed or discussed with partners, experts or collaborators located outside Italy and, in some cases, outside the European Economic Area. Where GDPR transfer rules apply, the Institute will rely on an adequacy decision, Standard Contractual Clauses, derogations applicable to the specific situation, explicit consent where appropriate, or another lawful transfer mechanism.

8. Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, unless a longer period is required or permitted by law. Contact requests are retained for the time needed to manage the request and related institutional records. Application and proposal materials may be retained for the duration of the selection process and for a reasonable subsequent period for accountability, project development and future institutional opportunities, unless deletion is requested and no overriding reason requires retention. Materials connected to funded projects, research activities, publications, events, accounting, contracts or legal obligations may be retained for the relevant project, archival, administrative or statutory retention period. Technical logs are retained for security and maintenance periods proportionate to the risk.

9. Minors

The website is not directed specifically at children. Materials concerning minors should be submitted only by persons authorised to do so and only where necessary for a legitimate project, educational, cultural or institutional purpose. Additional consent, authorisation or safeguards may be requested before processing or publishing such materials.

10. Publication of profiles and materials

Where appropriate, the Institute may publish names, roles, affiliations, biographies, photographs, project participation details, papers, abstracts or other materials on its website, event pages, publications, reports or institutional communication channels. Publication will be based on a suitable legal basis, permission, agreement, consent or legitimate institutional purpose, depending on the context.

11. Data subject rights

Data subjects may request access, rectification, erasure, restriction, portability and objection, and may withdraw consent where processing is based on consent. Requests can be sent via PEC to heritageinternational@pec.it. The exercise of rights may be subject to legal limits, including where retention is necessary for legal obligations, defence of claims, research, archival purposes or overriding legitimate interests.

12. Complaint to the supervisory authority

Data subjects have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) via www.garanteprivacy.it.

13. Updates

This Privacy Policy may be updated to reflect legal, technical, organisational or project-related changes. The updated version will be published on this page.